We can't leak what we never had.
XLtoPDF is built on a single, non-negotiable principle: your spreadsheet is none of our business. This page explains, in plain English, exactly what that means.
1. What data we collect
None. XLtoPDF does not collect, receive, or process any of the spreadsheets you convert. Your .xlsx, .xls and .csv files never leave your device. The entire conversion pipeline runs as JavaScript inside your browser tab.
2. File handling & deletion
When you drop a file into the converter, it is read into the browser's volatile memory (RAM) for the duration of the conversion. The instant the PDF is generated and downloaded, that memory is released. Closing or refreshing the tab guarantees deletion. There is no server-side cache, no temporary storage, no copy.
3. Cookies & tracking
XLtoPDF does not set tracking cookies, does not fingerprint your browser, and does not run third-party advertising or analytics scripts that read your file activity.
4. Third parties
We do not share data with third parties because we do not collect data. The only external resources loaded by the site are web fonts (Google Fonts) used for typography.
5. GDPR, CCPA & HIPAA
Because no personal data is collected, processed, or transmitted by XLtoPDF, the service is compatible with GDPR, CCPA, and HIPAA-sensitive workflows by architecture. You retain sole custody of your file at all times.
6. Verification
Open your browser's DevTools → Network tab before converting a file. You will see zero outbound requests carrying your data. The PDF download is generated as a local Blob in your browser.
7. Contact
Questions about this policy? Reach us at xltopdf@gmail.com.